General

  • Target

    re-yang-win.exe

  • Size

    44.2MB

  • Sample

    241108-bds28strcn

  • MD5

    77b7d74832aadde63f80721f094ca67d

  • SHA1

    4802f835da9e939aef08be0a841b3be8ee947489

  • SHA256

    08a04b950c6031066e2e4ad246b25baef1c48c6227a75060e4ca6cbf440a629b

  • SHA512

    835ced24cd77e84862506a026375ed21570f98abcaf590420720b78098fe210f1056258ccd56ed7a569eef4cd6be71eb871ff1d34006037e57fd0a0ceeb85d00

  • SSDEEP

    393216:f1Du8BtuBw2FEL3Z3aLUoQvo6LP/SgbSpYvKEh1EdKwlGQKPJuGsiTfREsrgCYfi:fMguj8Q4VfvLqFTrYw3WLXPhid+Vl

Malware Config

Targets

    • Contacts a large number (698) of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence.

    • Clipboard Data

      Adversaries may collect data stored in the clipboard from users copying information within or between applications.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive information.

    • Legitimate hosting services abused for malware hosting/C2

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

MITRE ATT&CK Enterprise v15

Tasks